[Pkg-samba-maint] [samba] branch jessie updated (eb83711 -> d29a694)
Jelmer Vernooij
jelmer at moszumanska.debian.org
Sun Sep 4 14:30:35 UTC 2016
This is an automated email from the git hooks/post-receive script.
jelmer pushed a change to branch jessie
in repository samba.
from eb83711 Imported Debian patch 2:4.2.10+dfsg-0+deb8u3
new de7ad5d VERSION: Bump version up to 4.2.9...
new 542cbdf s3-client: Add a KRB5 wrapper for smbspool
new da8f785 waf: Only build smb_krb5_wrapper if we have CUPS
new 7205d15 s3:utils/smbget fix recursive download
new b065b1e s3: smbd: Fix timestamp rounding inside SMB2 create.
new d0697c5 docs: Add smbspool_krb5_wrapper manpage
new 3435f30 docs-xml: fix typo in smbspool_krb5_wrapper manpage.
new bd140e6 s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file.
new bf29f7d s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support.
new 6ff4dd7 loadparm: Fix memory leak issue.
new 7f8cbd8 param: Fix str_list_v3 to accept ; again
new d0ba284 lib/tsocket: workaround sockets not supporting FIONREAD
new cb0d8e1 ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."
new 995f757 docs: Add example for domain logins to smbspool man page.
new fe4a09d Real memory leak (buildup) issue in loadparm.
new a93f708 Merge tag 'samba-4.2.9' into v4-2-test
new 0108e51 VERSION: Bump version up to 4.2.10...
new bd11d39 s3:smbd: rework negprot remote arch detection
new ffccce5 s3:smbd: add negprot remote arch detection for OSX
new 0dd1749 smbd: Only check dev/inode in open_directory, not the full stat()
new 3c7f303 VERSION: Bump version up to 4.2.10...
new 4f3e283 s4:auth/gensec_gssapi: remove compiler warnings
new 0d4412a s4:lib/tls: add tls_cert_generate() prototype to tls.h
new 4c5fe20 s4:lib/tls: remove allow_warnings=True
new 1b04d32 auth/kerberos: avoid compiler warnings
new 7bc4888 auth/kerberos: remove allow_warnings=True
new 7e7bfe1 s4:auth/gensec_gssapi: remove allow_warnings=True
new 8e597a7 s4-gensec: Check if we have delegated credentials.
new 983b0ea gensec: map KRB5KRB_AP_ERR_BAD_INTEGRITY to logon failure.
new 39431e5 s4:heimdal_build: define HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
new 26405f1 auth/credentials: use HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X instead of SAMBA4_USES_HEIMDAL
new 6b4479b s4:gensec/gssapi: use gensec_gssapi_max_{input,wrapped}_size() for all backends
new c14fa4d s4:gensec/gssapi: make calculation of gensec_gssapi_sig_size() for aes keys more clear
new e6f746e s3:libads/sasl: use gensec_max_{input,wrapped}_size() in ads_sasl_spnego_ntlmssp_bind
new fa70808 s4:lib/tls: fix tstream_tls_connect_send() define
new b8405b3 s4:lib/tls: ignore non-existing ca and crl files in tstream_tls_params_client()
new 53c92ba s4:libcli/ldap: conversion to tstream
new 6bf16fc s4:auth/gensec: remove unused and untested cyrus_sasl module
new 58789c5 s4:auth/gensec: remove unused include of lib/socket/socket.h
new 941abd1 s4:auth/gensec: remove unused gensec_socket_init()
new 6e50231 auth/gensec: remove unused gensec_[un]wrap_packets() hooks
new b1174ad s3:ntlm_auth: don't start gensec backend twice
new 0ef2b7a auth/credentials: anonymous should not try to use kerberos
new 9dddf6a midltests: add valid/midltests_DRS_EXTENSIONS.*
new 008d25b librpc/rpc: add faultcode to nt_status mappings
new 1e2d23d librpc/rpc: add dcerpc_fault_from_nt_status()
new d0ce818 librpc/rpc: add dcerpc_[extract|construct]_bind_time_features()
new 6c5078c s4:pyrpc: add base.bind_time_features_syntax(features)
new d8bd1cb lib/util: fix output format in dump_data*()
new 417807e librpc/ndr: make use of dump_data_cb() in ndr_dump_data()
new 427f202 Reduce number of places where sys.path is (possibly) updated for external module paths.
new e28c482 s4-tests/env_loadparm: Throw KeyError in case SMB_CONF_PATH
new 2b8a89c python/samba/tests: don't lower case path names in connect_samdb()
new 858b4bd s4-tests: Print out what the error is in delete_force()
new f8e78f9 s4-dsdb-test: Implement samdb_connect_env() to rely solely on environment
new 2dbf2f2 Avoid importing TestCase and TestSkipped from testtools.
new 775c1df Rename TestSkipped to Skiptest, consistent with Python 2.7.
new d82a560 selftest/tests/*.py: remove use of testtools.
new 5cc22fb Fix use of TestCase.skipTest on python2.6 now that we no longer use testtools.
new 72a7db4 Add custom implementations of TestCase.assertIs and TestCase.assertIsNot, for Python2.6.
new cc1b47c Add replacement addCleanup.
new 01b5c10 Use Samba TestCase class, as the python 2.6 one doesn't have assertIs, assertIsInstance or addCleanup.
new f4b7a42 Provide TestCase.assertIsInstance for python < 2.7.
new 17cbd88 Use samba TestCase so we get all compatibility functions on Python < 2.7.
new 44f45c3 Run cleanup after tearDown, for consistency with Python >= 2.7.
new 8abd8be Handle skips when running on python2.6.
new 478d84c Implement assertIsNone for Python < 2.7.
new f994c97 Implement TestCase.assertIn for older versions of Python.
new 7427812 Implement TestCase.assertIsNotNone for python < 2.7.
new ac466c7 python/samba/tests: add fallbacks for assert{Less,Greater}[Equal]()
new 5235af3 python/samba/tests: move hexdump() from DNSTest to TestCase
new 505c31e python/samba/tests: let the output of hexdump() match our C code in dump_data_cb()
new e5135c2 s3:winbindd: use check dcerpc_binding_handle_is_connected() instead of a specific status
new 7a68f81 libcli/smb: let tstream_smbXcli_np report connection errors as EPIPE instead of EIO
new 8688510 s4:torture/rpc: expect NT_STATUS_CONNECTION_DISCONNECTED when a dcerpc connection is not connected
new 320bfd5 s4:torture/rpc: expect NT_STATUS_CONNECTION_DISCONNECTED in torture_rpc_alter_context()
new e2acb2e python:samba/tests: don't use the x.alter_context() method in dcerpc/bare.py
new c8342ed s4:pyrpc: remove pointless alter_context() method
new bbc7426 dcerpc.idl: fix calculation of uint16 secondary_address_size;
new e84d1f0 heimdal:lib/gssapi/krb5: make _gssapi_verify_pad() more robust
new f222d62 heimdal:lib/gssapi/krb5: fix indentation in _gk_wrap_iov()
new 4640ada heimdal:lib/gssapi/krb5: clear temporary buffer with cleartext data.
new 075ec8f heimdal:lib/gssapi/krb5: add const to arcfour_mic_key()
new 59986c3 heimdal:lib/gssapi/krb5: split out a arcfour_mic_cksum_iov() function
new bbff988 heimdal:lib/gssapi/krb5: implement gss_[un]wrap_iov[_length] with arcfour-hmac-md5
new c227eb6 auth/kerberos: add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions
new 2cdcb2c s3:librpc/gse: make use of add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions
new ecba7a9 s4:gensec/gssapi: make use of add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions
new c892540 security.idl: add KERB_ENCTYPE_{FAST_SUPPORTED,COMPOUND_IDENTITY_SUPPORTED,CLAIMS_SUPPORTED,RESOURCE_SID_COMPRESSION_DISABLED}
new 235da54 Convert all uses of uint8/16/32 to uint8/16/32_t in the libads code.
new b99e5ba Convert all uint32/16/8 to _t in source3/libsmb.
new 73d868b libsmb: Print the principal name that we failed to kinit for.
new 2426e5d rpc_server: Fix CID 1035534 Uninitialized scalar variable
new c685323 rpc_server: Fix CID 1035535 Uninitialized scalar variable
new f0dcb43 Convert all uses of uint32/16/8 to _t in source3/rpc_server.
new 16343ed Convert all uses of uint32/16/8 to _t in source3/rpc_client.
new 618bf77 torture: Fix the usage of the MEMORY credential cache.
new 6775efd torture: Correctly invalidate the memory ccache.
new c4f578f torture: Free the temporary memory context
new 986b2a6 docs: Explain that winbindd enforces smb signing by default.
new 839452e lib/tls: Add new 'tls priority' option
new c8a3e03 lib/tls: Change default supported TLS versions.
new fc0df96 s4:selftest: run rpc.netlogon.admin against also ad_dc
new 810817f lib/util: globally include herrors in error.h
new d2bf0f7 s4:rpc_server: pass the remote address to gensec_set_remote_address()
new 7d64f42 Prevent a crash in Python modules that try to authenticate by ensuring we reject cases where credentials fields are not initialized.
new 8a8d380 asn1: Remove an unused asn1 function
new afd0849 asn1: Make asn1_peek_full_tag return 0/errno
new 165e6ff asn1: Add overflow check to asn1_write
new 6eca81c asn1: Add some early returns
new afbef75 asn1: Make "struct nesting" private
new 9d86ce3 asn1: Add asn1_has_error()
new 3aba426 lib: Use asn1_has_error()
new a8b03c4 asn1: Add asn1_set_error()
new 9c520e9 lib: Use asn1_set_error()
new 2a8a339 asn1: Add asn1_extract_blob()
new 79280a3 lib: Use asn1_extract_blob()
new 12396cf asn1: Add asn1_has_nesting
new 9e65ef3 lib: Use asn1_has_nesting
new f6a2ad0 asn1: Add asn1_current_ofs()
new f7ea845 lib: Use asn1_current_ofs()
new 17d663a libcli: Remove a reference to asn1->ofs
new d91415e asn1: Remove a reference to asn1_data internals
new 53988ca asn1: Make 'struct asn1_data' private
new 2057efc s3: smbclient: asn1_extract_blob() stops further asn1 processing by setting has_error.
new 2c5ba35 s3:clispnego: fix confusing warning in spnego_gen_krb5_wrap()
new 88c76da s3:pam_smbpass: remove unused dependency to LIBNTLMSSP
new 0a6405f tls: increase Diffie-Hellman group size to 2048 bits
new 0973458 ntlmssp: add some missing defines from MS-NLMP to our IDL.
new 5bcd766 ntlmssp: fix copy/paste typo in CHALLENGE_MESSAGE in IDL.
new c0f4c95 ntlmssp: properly document version defines in IDL (from MS-NLMP).
new 31ec805 ntlmssp: when pulling messages it is important to clear memory first.
new 8a09a9e s4-torture: fill in ntlmssp_NEGOTIATE_MESSAGE_check().
new cc6803d s4-torture: activate testing of CHALLENGE and AUTHENTICATE ntlmssp messages.
new ca3f4c3 s4-torture: flesh out ntlmssp_CHALLENGE_MESSAGE_check().
new 7d30bb7 s4-torture: add ndr pullpush validation for NTLMSSP CHALLENGE and AUTHENTICATE messages.
new 3dd652e s4-torture: flesh out ntlmssp_AUTHENTICATE_MESSAGE_check().
new 9ac8373 s4:torture/ntlmssp fix a compiler warning
new 84e3a91 spnego: Correctly check asn1_tag_remaining retval
new 76d4d9d lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
new cf4f1bc lib/util_net: add support for .ipv6-literal.net
new 5e4be46 s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
new 7e1a935 s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
new 8104a49 epmapper.idl: make epm_twr_t available in python bindings
new 4d7fdf1 dcerpc.idl: make WERROR RPC faults available in ndr_print output
new ebc2711 librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
new 9b4eabb s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
new ff2a6f6 s3:libads: remove unused ads_connect_gc()
new b8fd2d0 wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
new 41ca435 s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
new 3b4608c s3:librpc/gse: fix debug message in gse_init_client()
new a881c5f s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
new ac9a891 s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
new c1f6fe4 s3:librpc/gse: don't log gss_acquire_creds failed at level 0
new 3353447 s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
new 744e043 s4:pygensec: make sig_size() and sign/check_packet() available
new 3b0fc77 auth/gensec: keep a pointer to a possible child/sub gensec_security context
new 66b2e5d auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
new 933ca54 auth/gensec: make gensec_security_by_name() public
new 7b92239 s3:auth_generic: add auth_generic_client_start_by_name()
new 0dd1f05 s3:auth_generic: add auth_generic_client_start_by_sasl()
new c6cbac8 auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
new 8acba3b auth/ntlmssp: add gensec_ntlmssp_server_domain()
new dd2a2b7 s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
new 77d9b8c s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
new b981475 s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
new bf52fad selftest/knownfail: s4-winbind doesn't support cached ntlm credentials
new 23b65d6 s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
new bdbcffc winbindd: pass an memory context to do_ntlm_auth_with_stored_pw()
new 1742cec s3:auth_generic: make use of the top level NTLMSSP client code
new b3873ba s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
new 0ece92e auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
new 653742d auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
new c5a25e8 auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
new 53f6f3d s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
new 637f37b winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
new 9cfc310 s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
new 7b20770 auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
new 7b39ef9 auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
new e487dba auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
new d2b612d auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
new e81031b auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
new 4f261d9 auth/ntlmssp: add ntlmssp_version_blob()
new 1526b7e auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
new a7243e3 auth/ntlmssp: use ntlmssp_version_blob() in the server
new 4222e9b security.idl: add LSAP_TOKEN_INFO_INTEGRITY
new 9176107 ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
new 7c7ee91 ntlmssp.idl: make AV_PAIR_LIST public
new f2600f5 librpc/ndr: add ndr_ntlmssp_find_av() helper function
new 679b2c4 auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
new b63aa96 auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
new c4b08fb auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
new 1e19d98 auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
new 4a3c66d auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
new c531695 s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
new a2c24e2 s4:libcli/ldap: fix retry authentication after a bad password
new 04a81c9 s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
new 083682b s4:selftest: simplify the loops over samba4.ldb.ldap
new 3fd5063 s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
new e5ca0c6 s3:libads: add missing TALLOC_FREE(frame) in error path
new 8368d9d s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
new 8c9308c s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
new a1476b9 s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
new d4369e3 s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
new 24a5cf6 s3:libads: keep service and hostname separately in ads_service_principal
new a427633 s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
new db624e4 s3:libsmb: make use gensec based SPNEGO/NTLMSSP
new d9c89a5 s3:libsmb: unused ntlmssp.c
new 80c665b s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
new 68a32f1 s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
new ac680c1 s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
new 1dd4e36 s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
new 28c23bd s3:libsmb: remove unused cli_session_setup_kerberos*() functions
new 54dd7b7 s3:libsmb: remove unused functions in clispnego.c
new 1989639 s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
new 6ae0007 s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
new 3393d9b s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
new fc5c623 s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
new a99a012 s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
new 8f0d8f4 s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
new ad389f1 s4:rpc_server: dcesrv_generic_session_key should only work on local transports
new 66df1ed selftest: s!plugindc.samba.example.com!plugindom.samba.example.com!
new 61e6ca8 selftest: add some helper scripts to manage a CA
new 44b5d2d selftest: add config and script to create a samba.example.com CA
new 9030298 selftest: add CA-samba.example.com (non-binary) files
new d93ff57 selftest: mark commands in manage-CA-samba.example.com.sh as DONE
new 8b14e45 selftest: add Samba::prepare_keyblobs() helper function
new 9452268 selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
new f40bc59 selftest: set tls crlfile if it exist
new 1838e168 selftest: setup information of new samba.example.com CA in the client environment
new 5e8f48b s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
new 9be91a7 s3:test_rpcclient_samlogon.sh: test samlogon with schannel
new 2d70e9f s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
new 93863b8 s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
new e80d4f9 s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
new 89298e5 s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
new 592baac s4:torture/rpc/schannel: don't use validation level 6 without privacy
new 2b442ce auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
new cceb49a auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
new 3447148 s4:rpc_server: require access to the machine account credentials
new 62f4ee1 s4-smb_server: check for return code of cli_credentials_set_machine_account().
new 6891eeb s3-auth: check for return code of cli_credentials_set_machine_account().
new 1993e69 libsmb: Fix CID 1356312 Explicit null dereferenced
new 6138f8b libads: Fix CID 1356316 Uninitialized pointer read
new 9981c0b s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
new d1ebe5b s3:rpc_server/samr: correctly handle session_extract_session_key() failures
new 8cd4741 s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
new 8dcd3cb CVE-2016-2110(<=4.2): s4:winbind: implement the WBFLAG_BIG_NTLMV2_BLOB flag
new f789325 CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
new 2c6474b CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
new b7d6410 CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
new 332d580 CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
new f78d549 CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
new 9c171a5 CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
new 3c07679 CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
new e073b53 CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
new c528a17 CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
new a98f718 CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
new 0489a58 CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
new 639bd4d CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
new 65deaae CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
new 2e35e39 CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
new 22bf4ed CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
new 3a8334d CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
new 3d783b7 CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
new 76318d5 CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
new 741c532 CVE-2016-2110(<=4.2): auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
new 530f0d1 CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
new bb90457 CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
new 48b24ce CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
new 65bd884 CVE-2016-2110(<=4.2): auth/ntlmssp: implement new_spnego support including MIC checking (as server)
new 280a371 CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
new 2e11c70 CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
new fd1c98f CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
new 98c1677 CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
new fec6dae CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
new 40397d1 CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
new 96e93b8 CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
new 7f74142 CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
new eafd2ce CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
new 610229e CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
new 9aae9b11 CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
new c741e86 CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
new ba33643 CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
new b1bcc58 CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
new 7188b6a CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
new 9f39d0f CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
new 2608fb3 CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
new 1e35c14 CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
new 9b983ae CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
new b0c0ffe CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
new 270f04c CVE-2016-2111(<=4.3): docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
new f5e066c CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
new 2ee2de4 CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
new 9d6ffb3 CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
new 531c5aa CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
new 799557f CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
new 8e63804 CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
new 190de2d CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
new f8c3a46 CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
new 6256822 CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
new 5a26043 CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
new efd47e4 CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
new 2612783 CVE-2016-2112(<=4.3): docs-xml: add "ldap server require strong auth" option
new 5a5bede CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
new 59c4273 CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
new ded3595 CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
new 16472fc CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
new 0a1d2b4 CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
new 1c25d638a CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
new b8c5862 CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
new f3d752f CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
new d2d2236 CVE-2016-2113(<=4.3): docs-xml: add "tls verify peer" option defaulting to "no_check"
new da2065e CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
new 3a73092 CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
new 95da9fc CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
new 64f8f67 CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
new dcf61e4 CVE-2016-2113: selftest: use "tls verify peer = no_check"
new ae4b827 CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
new 141d4ac CVE-2016-2114: s4:smb2_server: fix session setup with required signing
new 87d7973 CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
new dfffc46 CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
new a6ab8e7 CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
new 5fb616a CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
new 4eefd40 CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
new 7c7f42f CVE-2016-2115(<=4.3): docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
new d5d1d63 CVE-2016-2115: docs-xml: add "client ipc signing" option
new 32d1130 CVE-2016-2115(<=4.3): docs-xml: add "client ipc signing" option
new 543b97d CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
new a8dc7d6 CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
new 1afcdaa CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
new 1c24db6 CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
new b7ea999 CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
new 7f4be89 CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
new 2e3bcb7 CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
new 95e334b CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
new 15417d6 CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
new 7790d38 CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
new ba52792 CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
new bf4259a CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
new 54c9e0d CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
new 27939fc CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
new 8ee232f CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
new 1c06e92 CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
new 1f3708a CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
new 08ca648 CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
new 889162a CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
new ddbcb11 CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
new dab41de CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
new 52aa7b6 CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
new 7847ee8 CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
new ad99552 CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
new db01cab CVE-2016-2118(<=4.3) docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
new 29ab0d9 CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
new 5a9aa81 CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
new bbc9a16 CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
new ee77128 CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
new b6e3f0c CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
new dd32cfc CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
new dbb5220 CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
new f0b5e62 CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
new e34628f CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
new d33cb24 CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
new 2b1f995 CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
new 3410c21 CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
new 416f383 CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
new 17d9204 CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
new fce895b CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
new 2d2243c CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
new d6c4dde CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
new b26aabe CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
new 9153fc5 CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
new d61cd59 CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
new 045e9b4 CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
new 630dcb5 CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
new a20f132 CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
new e5a4d9a CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
new 84d8692 CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
new 0f7bb07 CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
new 2240a39 CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
new 8266be4 CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
new 665b874 CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
new 9a3f045 CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
new e767733 CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
new a1c6916 CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
new 1e88acf CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
new 69c7776 CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
new b91112d CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
new c0236de CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
new 8e8c2da CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
new c784fcd CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
new b075822 CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
new 2f0c9d6 CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
new 77e7d19 CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
new 1780b43 CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
new d7f0712 CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
new ec8b2a3 CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
new 2cf79f9 CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
new 494ba35 CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
new 97a19d9 CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
new 0f4a3c3 CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
new f3c68c6 CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
new 358af62 CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
new 409b8fd CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
new b40ab6b CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
new 0d20260 CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
new eb3f8a5 CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
new b51da52 CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
new 1da3379 CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
new 9a52709 CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
new 0863c95 CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
new b430b1f CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
new 5ac7fc8 CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
new d5916e0 CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
new 9dd171f CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
new 772ba3f CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
new 74de5d8 CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
new dd8c942 CVE-2015-5370: s4:rpc_server: check frag_length for requests
new fbf402c CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
new e601549 CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
new 71d1c9f CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
new 14a7db6 CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
new 1ed83c7 CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
new df3cdf0 CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
new 19f489d CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
new acea87f CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
new 81bbffa CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
new 9818296 CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
new df51c22 CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
new 2a92546 CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
new 189c0fb CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
new af2582e CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
new 25bf597 CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
new 69280e6 CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
new 8c96ef7 CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
new 63d21d2 CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
new 0239bfa CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
new cdefee1 CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
new 1e6b4ab CVE-2015-5370: s3:rpc_server: verify presentation context arrays
new e39fdce CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
new 664d7ac CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
new 8d97085 CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
new d30363f CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
new 02aef97 CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
new 9464684 CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
new a995740 CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
new f556d92 CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
new cbf20b4 CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
new ae68d3f CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
new 2bc6172 CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
new 61faaa6 CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
new 0cf3151 CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
new 93a0f92 CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
new 3ef461d CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
new 8e0b06a CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
new 024d3b2 CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
new 284894c CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
new df411cb CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
new 88e9a0a CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
new b065ce6 CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against plugin_s4_dc
new 5f0e4f1 WHATSNEW: Add release notes for Samba 4.2.10.
new 343f384 VERSION: Disable git snapshots for the 4.2.10 release.
new cb48e70 VERSION: Bump version up to 4.2.11...
new 96331b2 s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
new aada3ea WHATSNEW: Add release notes for Samba 4.2.11.
new cdf4f21 VERSION: Disable git snapshots for the 4.2.11 release.
new 47f3a1f Merge tag 'samba-4.2.11' into v4-2-test
new 4882bde VERSION: Bump version up to 4.2.12
new 46d3bb7 lib: tevent: Initial checkin of threaded tevent context calling code.
new a050245 lib: tevent: Initial test of tevent threaded context code.
new b88f6e9 lib: tevent: tests: Add a second thread test that does request/reply.
new 78f5f86 lib: tevent: docs: Add tutorial on thread usage.
new 316ce07 tevent: version 0.9.26
new 1ca26ea lib: tevent: Fix bug in poll backend - poll_event_loop_poll()
new 06a87da lib: tevent: Whitespace cleanup.
new 0345678 Simplify handling of dependencies on external libraries in test_headers.
new a10d492 tevent: Only set public headers field when installing as a public library.
new c496c85 Fix ETIME handling for Solaris event ports.
new 331383c tevent: version 0.9.27
new a8fb85f lib: tevent: Fix memory leak reported by Pavel Březina <pbrezina at redhat.com> when old signal action restored.
new b7e46c1 tevent: version 0.9.28
new 75f26e3 vfs_catia: Fix bug 11827, memleak
new 513b5d7 pydsdb: Also accept ldb.MessageElement values to dsdb routines
new cb827b7 pydsdb: Fix returning of ldb.MessageElement.
new 452d393 libsmb/pysmb: add pytalloc-util dependency to fix the build.
new e29becc s3:wscript: pylibsmb depends on pycredentials
new 9729bdc build: mark explicit dependencies on pytalloc-util
new aec25b0 libads: record session expiry for spnego sasl binds
new e16c8ed nwrap: Fix the build on Solaris
new e3a7138 configure: Don't check for inotify on illumos
new 65cdf7e WHATSNEW: Start release notes for Samba 4.2.12.
new 2bebe80 s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff
new 64df993 s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff
new d82ec8a lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().
new e17baf8 s3:librpc:crypto:gse: increase debug level for gse_init_client().
new 44ddc56 auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR'
new 26351cd auth/spnego: handle broken mechListMIC response from Windows 2000
new 9dc49c9 auth/ntlmssp: don't require any flags in the ccache_resume code
new abbb1ab auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
new 8c6865d s3:libsmb: use password = NULL for anonymous connections
new bba0194 libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated().
new 1b1ae2b libcli/smb: add smb1cli_session_set_action() helper function
new d84dde7 libcli/smb: add SMB1 session setup action flags
new 5c18afa libcli/smb: add smbXcli_session_is_guest() helper function
new 163b9ac s3:libsmb: record the session setup action flags
new 0eebd68 s3:libsmb: don't finish the gensec handshake for guest logins
new 40c1d53 s3:libsmb: use anonymous authentication via spnego if possible
new d7e9f09 auth/spnego: only try to verify the mechListMic if signing was negotiated.
new 00f2691 s4:auth_anonymous: anonymous authentication doesn't allow a password
new 5f10f25 s3:auth_builtin: anonymous authentication doesn't allow a password
new 4b5e95a libcli/security: implement SECURITY_GUEST
new a2e3c76 s3:smbd: make use SMB_SETUP_GUEST constant
new 2ceed5d s3:smbd: only mark real guest sessions with the GUEST flag
new 30f511f auth/ntlmssp: do map to guest checking after the authentication
new e23df9d auth/spnego: add spnego:simulate_w2k option for testing
new 7f1596f auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego option for testing
new 89bc1eb selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc
new f83d138 s3:test_smbclient_auth.sh: this script reqiures 5 arguments
new ea33b55 selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes
new 53ce995 selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP
new ec6c73a s3:selftest: add smbclient_ntlm tests
new a107bcb WHATSNEW: Update release notes.
new 7f48c16 WHATSNEW: Last bugfix release.
new 4ce9415 WHATSNEW: Add release date.
new e4e16a1 VERSION: Disable git snapshots for the 4.2.12 release.
new 0ef06ee VERSION: Bump version up to 4.2.12...
new e410d79 libcli/auth: let msrpc_parse() return talloc'ed empty strings
new 93155fa s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete
new b6c9438 s3:smbd: fix anonymous authentication if signing is mandatory
new 615516b s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT
new 0ab3ef3 s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.
new 4759f64 smbd: Fix an assert
new 3af9006 s3: krb5: keytab - The done label can be jumped to with context == NULL.
new 1ff9b09 WHATSNEW: Add release notes for Samba 4.2.13.
new f03201a VERSION: Disable git snapshots for the 4.2.13 release.
new 9c6e913 VERSION: Bump version up to 4.2.14...
new 6509689 dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
new d069b66 s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
new f772649 s4:rpc_server: use a variable for the max total reassembled request payload
new 434aaaf dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
new ea9ddb4 ctdb-common: Protocol argument must be in host order for socket() call
new 8368f6f ctdb-common: Use documented names for protocol family in socket()
new 7e73588 ctdb-common: For AF_PACKET socket types, protocol is in network order
new b9200a6 CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
new db256b6 CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
new 13437f9 CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing
new eb480ea WHATSNEW: Add release notes for Samba 4.2.14.
new c7c5fe1 VERSION: Disable git snapshots for the 4.2.14 release.
new 7b31b11 New upstream version 4.2.14+dfsg
new 9254677 Merge tag 'upstream/4.2.14+dfsg' into jessie
new d29a694 New upstream release.
The 551 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 297 ++++++++++++++++-
auth/gensec/spnego.c | 66 +++-
auth/ntlmssp/gensec_ntlmssp_server.c | 15 +-
auth/ntlmssp/ntlmssp_client.c | 15 +-
auth/ntlmssp/ntlmssp_server.c | 40 +++
ctdb/common/system_aix.c | 4 +-
ctdb/common/system_common.c | 2 +-
ctdb/common/system_freebsd.c | 4 +-
ctdb/common/system_gnu.c | 4 +-
ctdb/common/system_kfreebsd.c | 4 +-
ctdb/common/system_linux.c | 10 +-
ctdb/config/events.d/11.natgw | 4 -
ctdb/config/events.d/49.winbind | 7 -
ctdb/doc/ctdb-statistics.7 | 4 +-
ctdb/doc/ctdb-statistics.7.html | 134 ++++----
ctdb/doc/ctdb-tunables.7 | 4 +-
ctdb/doc/ctdb-tunables.7.html | 108 +++---
ctdb/doc/ctdb.1 | 4 +-
ctdb/doc/ctdb.1.html | 216 ++++++------
ctdb/doc/ctdb.7 | 4 +-
ctdb/doc/ctdb.7.html | 42 +--
ctdb/doc/ctdbd.1 | 4 +-
ctdb/doc/ctdbd.1.html | 8 +-
ctdb/doc/ctdbd.conf.5 | 4 +-
ctdb/doc/ctdbd.conf.5.html | 58 ++--
ctdb/doc/ctdbd_wrapper.1 | 4 +-
ctdb/doc/ctdbd_wrapper.1.html | 4 +-
ctdb/doc/ltdbtool.1 | 4 +-
ctdb/doc/ltdbtool.1.html | 10 +-
ctdb/doc/onnode.1 | 4 +-
ctdb/doc/onnode.1.html | 14 +-
ctdb/doc/ping_pong.1 | 4 +-
ctdb/doc/ping_pong.1.html | 8 +-
ctdb/tools/ctdb.c | 4 +-
ctdb/utils/smnotify/smnotify.c | 6 +-
debian/changelog | 9 +
docs-xml/manpages/smbspool.8.xml | 5 +
docs-xml/manpages/smbspool_krb5_wrapper.8.xml | 64 ++++
docs-xml/wscript_build | 1 +
docs/manpages/dbwrap_tool.1 | 56 +---
docs/manpages/eventlogadm.8 | 4 +-
docs/manpages/findsmb.1 | 4 +-
docs/manpages/idmap_ad.8 | 4 +-
docs/manpages/idmap_autorid.8 | 4 +-
docs/manpages/idmap_hash.8 | 4 +-
docs/manpages/idmap_ldap.8 | 4 +-
docs/manpages/idmap_nss.8 | 4 +-
docs/manpages/idmap_rfc2307.8 | 4 +-
docs/manpages/idmap_rid.8 | 4 +-
docs/manpages/idmap_tdb.8 | 4 +-
docs/manpages/idmap_tdb2.8 | 4 +-
docs/manpages/libsmbclient.7 | 4 +-
docs/manpages/lmhosts.5 | 4 +-
docs/manpages/log2pcap.1 | 9 +-
docs/manpages/net.8 | 142 +-------
docs/manpages/nmbd.8 | 59 +---
docs/manpages/nmblookup.1 | 87 +----
docs/manpages/ntlm_auth.1 | 23 +-
docs/manpages/pam_winbind.8 | 4 +-
docs/manpages/pam_winbind.conf.5 | 4 +-
docs/manpages/pdbedit.8 | 56 +---
docs/manpages/profiles.1 | 56 +---
docs/manpages/rpcclient.1 | 168 +---------
docs/manpages/samba-regedit.8 | 163 +--------
docs/manpages/samba-tool.8 | 46 +--
docs/manpages/samba.7 | 4 +-
docs/manpages/samba.8 | 56 +---
docs/manpages/sharesec.1 | 51 +--
docs/manpages/smb.conf.5 | 4 +-
docs/manpages/smbcacls.1 | 168 +---------
docs/manpages/smbclient.1 | 168 +---------
docs/manpages/smbcontrol.1 | 63 +---
docs/manpages/smbcquotas.1 | 137 +-------
docs/manpages/smbd.8 | 57 +---
docs/manpages/smbget.1 | 9 +-
docs/manpages/smbgetrc.5 | 4 +-
docs/manpages/smbpasswd.5 | 4 +-
docs/manpages/smbpasswd.8 | 8 +-
docs/manpages/smbspool.8 | 17 +-
.../{vfs_xattr_tdb.8 => smbspool_krb5_wrapper.8} | 31 +-
docs/manpages/smbstatus.1 | 51 +--
docs/manpages/smbta-util.8 | 4 +-
docs/manpages/smbtar.1 | 4 +-
docs/manpages/smbtree.1 | 137 +-------
docs/manpages/testparm.1 | 42 +--
docs/manpages/vfs_acl_tdb.8 | 4 +-
docs/manpages/vfs_acl_xattr.8 | 4 +-
docs/manpages/vfs_aio_fork.8 | 4 +-
docs/manpages/vfs_aio_linux.8 | 4 +-
docs/manpages/vfs_aio_pthread.8 | 4 +-
docs/manpages/vfs_audit.8 | 4 +-
docs/manpages/vfs_btrfs.8 | 4 +-
docs/manpages/vfs_cacheprime.8 | 4 +-
docs/manpages/vfs_cap.8 | 4 +-
docs/manpages/vfs_catia.8 | 4 +-
docs/manpages/vfs_ceph.8 | 4 +-
docs/manpages/vfs_commit.8 | 4 +-
docs/manpages/vfs_crossrename.8 | 4 +-
docs/manpages/vfs_default_quota.8 | 4 +-
docs/manpages/vfs_dirsort.8 | 4 +-
docs/manpages/vfs_extd_audit.8 | 4 +-
docs/manpages/vfs_fake_perms.8 | 4 +-
docs/manpages/vfs_fileid.8 | 4 +-
docs/manpages/vfs_fruit.8 | 4 +-
docs/manpages/vfs_full_audit.8 | 4 +-
docs/manpages/vfs_glusterfs.8 | 4 +-
docs/manpages/vfs_gpfs.8 | 4 +-
docs/manpages/vfs_linux_xfs_sgid.8 | 4 +-
docs/manpages/vfs_media_harmony.8 | 4 +-
docs/manpages/vfs_netatalk.8 | 4 +-
docs/manpages/vfs_notify_fam.8 | 4 +-
docs/manpages/vfs_prealloc.8 | 4 +-
docs/manpages/vfs_preopen.8 | 4 +-
docs/manpages/vfs_readahead.8 | 4 +-
docs/manpages/vfs_readonly.8 | 4 +-
docs/manpages/vfs_recycle.8 | 4 +-
docs/manpages/vfs_scannedonly.8 | 4 +-
docs/manpages/vfs_shadow_copy.8 | 4 +-
docs/manpages/vfs_shadow_copy2.8 | 4 +-
docs/manpages/vfs_smb_traffic_analyzer.8 | 4 +-
docs/manpages/vfs_snapper.8 | 4 +-
docs/manpages/vfs_streams_depot.8 | 4 +-
docs/manpages/vfs_streams_xattr.8 | 4 +-
docs/manpages/vfs_syncops.8 | 4 +-
docs/manpages/vfs_time_audit.8 | 4 +-
docs/manpages/vfs_tsmsm.8 | 4 +-
docs/manpages/vfs_worm.8 | 4 +-
docs/manpages/vfs_xattr_tdb.8 | 4 +-
docs/manpages/vfs_zfsacl.8 | 4 +-
docs/manpages/vfstest.1 | 51 +--
docs/manpages/wbinfo.1 | 14 +-
docs/manpages/winbind_krb5_locator.7 | 4 +-
docs/manpages/winbindd.8 | 56 +---
lib/krb5_wrap/krb5_samba.c | 4 +-
lib/nss_wrapper/wscript | 2 +-
.../ABI/{tevent-0.9.24.sigs => tevent-0.9.26.sigs} | 2 +
.../ABI/{tevent-0.9.24.sigs => tevent-0.9.27.sigs} | 2 +
.../ABI/{tevent-0.9.24.sigs => tevent-0.9.28.sigs} | 2 +
lib/tevent/doc/tevent_thread.dox | 322 ++++++++++++++++++
lib/tevent/doc/tevent_tutorial.dox | 2 +
lib/tevent/testsuite.c | 330 ++++++++++++++++++
lib/tevent/tevent.h | 52 +++
lib/tevent/tevent_epoll.c | 6 +-
lib/tevent/tevent_poll.c | 5 +-
lib/tevent/tevent_port.c | 22 +-
lib/tevent/tevent_signal.c | 4 +
lib/tevent/tevent_threads.c | 370 +++++++++++++++++++++
lib/tevent/wscript | 6 +-
lib/tsocket/tsocket_bsd.c | 62 +++-
lib/util/util_strlist.c | 18 +-
libcli/auth/msrpc_parse.c | 24 +-
libcli/security/security_token.c | 5 +
libcli/security/security_token.h | 2 +
libcli/security/session.c | 4 +
libcli/security/session.h | 1 +
libcli/smb/smbXcli_base.c | 54 ++-
libcli/smb/smbXcli_base.h | 3 +
libcli/smb/smb_constants.h | 7 +-
librpc/idl/dcerpc.idl | 18 +-
python/samba/dbchecker.py | 4 +-
selftest/target/Samba.pm | 13 +
selftest/target/Samba4.pm | 23 +-
source3/auth/auth_builtin.c | 47 ++-
source3/auth/token_util.c | 2 +-
source3/client/README.smbspool | 17 +
source3/client/smbspool_krb5_wrapper.c | 210 ++++++++++++
source3/libads/kerberos_keytab.c | 18 +-
source3/libads/sasl.c | 21 +-
source3/librpc/crypto/gse.c | 2 +-
source3/libsmb/cliconnect.c | 95 ++++--
source3/modules/vfs_catia.c | 6 +-
source3/param/loadparm.c | 40 ++-
source3/passdb/wscript_build | 2 +-
source3/rpcclient/rpcclient.c | 13 +-
source3/script/tests/test_smbclient_auth.sh | 2 +-
source3/script/tests/test_smbclient_ntlm.sh | 44 +++
source3/selftest/tests.py | 4 +-
source3/smbd/negprot.c | 152 +++++----
source3/smbd/open.c | 18 +-
source3/smbd/oplock.c | 1 +
source3/smbd/posix_acls.c | 39 ++-
source3/smbd/sesssetup.c | 20 +-
source3/smbd/smb2_create.c | 8 +
source3/smbd/smb2_negprot.c | 9 +-
source3/smbd/smb2_sesssetup.c | 7 +-
source3/utils/ntlm_auth.c | 51 ++-
source3/utils/smbget.c | 15 +-
source3/wscript | 11 +-
source3/wscript_build | 12 +-
source4/auth/gensec/gensec_tstream.c | 6 +-
source4/auth/ntlm/auth_anonymous.c | 30 ++
source4/dsdb/pydsdb.c | 162 +++++----
source4/lib/messaging/wscript_build | 2 +-
source4/libcli/wscript_build | 2 +-
source4/libnet/wscript_build | 2 +-
source4/librpc/rpc/dcerpc.c | 5 +-
source4/librpc/rpc/dcerpc.h | 3 +
source4/ntvfs/sysdep/wscript_configure | 13 +-
source4/param/wscript_build | 2 +-
source4/rpc_server/dcerpc_server.c | 5 +-
source4/rpc_server/dcerpc_server.h | 3 +
testsuite/headers/wscript_build | 13 +-
203 files changed, 3248 insertions(+), 2685 deletions(-)
create mode 100644 docs-xml/manpages/smbspool_krb5_wrapper.8.xml
copy docs/manpages/{vfs_xattr_tdb.8 => smbspool_krb5_wrapper.8} (62%)
copy lib/tevent/ABI/{tevent-0.9.24.sigs => tevent-0.9.26.sigs} (97%)
copy lib/tevent/ABI/{tevent-0.9.24.sigs => tevent-0.9.27.sigs} (97%)
copy lib/tevent/ABI/{tevent-0.9.24.sigs => tevent-0.9.28.sigs} (97%)
create mode 100644 lib/tevent/doc/tevent_thread.dox
create mode 100644 lib/tevent/tevent_threads.c
create mode 100644 source3/client/README.smbspool
create mode 100644 source3/client/smbspool_krb5_wrapper.c
create mode 100755 source3/script/tests/test_smbclient_ntlm.sh
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git